AFS for Macintosh OS X

How to set up AFS for OS X

Installing and setting up OpenAFS on OS X is pretty straightforward. You need to install OpenAFS, configure it for our cell (and also campus’s cell), and then install and configure Kerberos.

Install OpenAFS

First, download the OpenAFS package. Generally the one you want is the Maintenance Release, as that is considered the most stable version. Run the installer, then open Terminal.app and check the following:

  1. Change directories to /var/db/openafs/etc
    cd /var/db/openafs/etc
  2. Use vi or pico to open the ThisCell file. This file should contain only one line, reading cs.unc.edu.
    sudo vi ThisCell
  3. Copy the CellServDB file to CellServDB.orig
    sudo cp ./CellServDB ./CellServDB.orig
  4. Use vi or pico to make a new CellServDB file
    sudo vi CellServDB
  5. Put the following in the CellServDB file
    >isis.unc.edu # University of North Carolina Project Isis
    152.2.1.5 #db0.isis.unc.edu
    152.2.1.6 #db1.isis.unc.edu
    152.2.1.7 #db2.isis.unc.edu
    >cs.unc.edu     #Cell name
    152.2.128.3    #afs1.cs.unc.edu
    152.2.128.4    #afs2.cs.unc.edu
    152.2.128.7    #afs3.cs.unc.edu
  6. Save the file and reboot. You should then have AFS running and be able to access the cs.unc.edu cell.
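
A check you can run after steps 1 to 5 and before rebooting, added here as an example (it is not part of the original instructions or of OpenAFS). The function name `check_afs_cell_config` is hypothetical. It confirms that ThisCell holds exactly one cell name and that CellServDB lists at least one well-formed database server address for that cell.

```shell
#!/bin/sh
# check_afs_cell_config is a hypothetical helper, not an OpenAFS tool.
# Usage: check_afs_cell_config [config-dir]
# Prints the number of database servers listed for the local cell.
check_afs_cell_config() {
    dir="${1:-/var/db/openafs/etc}"
    [ -r "$dir/ThisCell" ] || { echo "missing $dir/ThisCell" >&2; return 2; }
    [ -r "$dir/CellServDB" ] || { echo "missing $dir/CellServDB" >&2; return 2; }

    # ThisCell must hold exactly one non-blank line: the cell name.
    lines=$(awk 'NF { n++ } END { print n + 0 }' "$dir/ThisCell")
    if [ "$lines" -ne 1 ]; then
        echo "ThisCell has $lines non-blank lines, expected 1" >&2
        return 3
    fi
    cell=$(awk 'NF { print $1; exit }' "$dir/ThisCell")

    # Walk CellServDB: ">cell" opens a section, later lines are "IP #hostname".
    count=$(awk -v cell="$cell" '
        /^>/ { name = substr($1, 2); in_cell = (name == cell); next }
        in_cell && NF {
            n = split($1, o, ".")
            ok = (n == 4)
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { print "bad server address: " $1 > "/dev/stderr"; bad = 1 }
            else servers++
        }
        END { if (bad) exit 1; print servers + 0 }
    ' "$dir/CellServDB") || return 4

    if [ "$count" -eq 0 ]; then
        echo "cell $cell has no servers in CellServDB" >&2
        return 5
    fi
    echo "$count"
}
```

With the files from the steps above, calling `check_afs_cell_config` with no argument prints 3, the number of cs.unc.edu database servers. Any other exit status means the client would start with a cell it cannot locate.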

Install Kerberos extras

In spring of 2011, we took down the older kaserver, so the old method of authenticating via klog no longer works. Instead, we authenticate against our CSX.UNC.EDU Kerberos realm, and once we have a ticket from there, we use aklog to get access to AFS based on that ticket. OS X comes with Kerberos, but MIT provides an add-on package, Kerberos Extras, that extends the basic functionality. The configuration file for Kerberos is /Library/Preferences/edu.mit.Kerberos, and that needs to be edited to include information about our Kerberos servers and those of campus. To simplify this, bil put together a small installer that will install the Kerberos Extras, configure the edu.mit.Kerberos file, and copy a script named afs to /usr/local/bin (if it exists) or /usr/bin.

  1. Download the klog_replacement.zip file
  2. Double click on it to unpack it.
  3. Open a Terminal window, and cd into the klog_replacement directory (you can drag the folder into the terminal window to copy that path into terminal, so type “cd[space]”, then drag the folder).
  4. Run the installer
    sudo ./00install.sh

At this point, you should see the Kerberos Extras install. Once it’s complete, you should be able to type “afs” in a terminal window and be prompted for your CS password. If everything works as expected, you’ll get a ticket in the Kerberos realm and a token.